Okta User Provisioning Guide

 

Overview

User provisioning integrates an external user directory with your Five to Nine organization. This guide describes how to configure user provisioning for Okta as an identity provider.

Provisioning is available for all Five to Nine accounts, which means that you can create, update, and deactivate accounts from your identity provider.

Prerequisites

There are a couple of things you need to do before you can provision external users into Five to Nine.

1.- Get the user provisioning functionality for your Okta account.

2.- Make sure you’re an admin for a Five to Nine organization.

3.- Verify one or more or your domains in your organization.

Features

The current features supported by the Okta SCIM integration for Five to Nine are:

  • Push New Users New users created through Okta will also be provisioned in Five to Nine.
  • Push Profile Updates Updates made to the user’s profile through Okta will be pushed to Five to Nine, updating the user’s attributes (e.g. Name, Office, etc.).
  • Link an existing user account If a Five to Nine account already exists on the Five to Nine platform, we’ll automatically link the user in your identity provider to the user in your Five to Nine organization.
  • Push User Deactivation Deactivating the user or disabling the user’s access to the application through Okta will deactivate the user in Five to Nine and deprovision his or her services.
  • Reactivate Users Reactivating a user in Okta will reactivate the user in Five to Nine.
  • Update a user’s account details You can update these user attributes from you identity provider:
    • Display name
    • Email address
    • Organization
    • Job title
    • Timezone
    • Department
    • See full Attribute mappings at the end of this guide

Step 1. Enable SCIM API integration in Okta

1. Log in to Okta and add the Five to Nine application

2. From the application, click on the Provisioning tab and then click Configure API integration.

3. Select Enable API integration.

  1. Enter the Base URL and API Token. The Base URL is “http://${your_subdomain}.fivetonine.community/public/scim/v2”.

To get your API Token please reach out to your Client Representative.

5. Click Test API Credentials. If the test passes, click Save.

6. Navigate to To App under Settings.

7. Select Edit and select Enable the following options: Create Users, Update User Attributes and Deactivate Users.

8. Select Save to apply the integration settings.

Step 2. Assign users to the Five to Nine application in Okta

1. In Okta, click the Assignments tab of the Five to Nine application:

2. Click Assign, then Groups. Select the group you’d like to assign.

To assign individual people in your organization, select Assign to People.

From your Five to Nine organization, verify that users are synced by going back to the User Provisioning page on Five to Nine. Your provisioned users will appear in the Contacts tab.

Attribute Attribute ID Attribute Type Value
Username userName Personal --
Given name givenName Personal user.firstName
Family name familyName Personal user.lastName
Middle name middleName Personal user.middleName
Honorific prefix honorificPrefix Personal user.honorificPrefix
Honorific suffix honorificSuffix Personal user.honorificSuffix
Primary email email Personal user.email
Primary email type email Personal (user.email != null && user.email != '') ? 'work' : ''
Title title Personal user.title
Display name displayName Personal user.displayName
Nickname nickName Personal user.nickName
Profile Url profileUrl Personal user.profileUrl
Primary phone primaryPhone Personal user.primaryPhone
Primary phone type primaryPhoneType Personal (user.primaryPhone != null && user.primaryPhone != '') ? 'work' : ''
Address type addressType Personal (user.streetAddress != null && user.streetAddress != '') ? 'work' : ''
Street address streetAddress Personal user.streetAddress
Locality locality Personal user.city
Region region Personal user.state
Postal Code postalCode Personal user.zipCode
Country code country Personal user.countryCode
Formatted Postal Address formatted Personal user.postalAddress
Preferred language preferredLanguage Group user.preferredLanguage
Locale locale Group user.locale
Time zone timezone Group user.timezone
User type userType Group user.userType
Employee number employeeNumber Personal user.employeeNumber
Cost center costCenter Group user.costCenter
Organization organization Group user.organization
Division division Group user.division
Department department Group user.department
Manager value managerValue Personal user.managerId
Manager display name managerDisplayName Personal user.manager